[projects/pld-builder.new.git] / doc / README.bin-builder

new bin builder setup

packages and chroot
~~~~~~~~~~~~~~~~~~~
1. install pld-builder from th repoistory on target host

2. create chroot /srv/chroot
(you can symlink to real dest for the sake of copy-paste from here)
mkdir -p /srv/chroot

- if you're using rpm < 4.5-29, make system rpmdb linked to target rpmdb, as
  rpm gets it all very messy. see LP#395177.
mv /var/lib/rpm{,-host}
ln -s /srv/chroot/var/lib/rpm /var/lib/rpm
install -d /srv/chroot/var/lib/rpm
rpm -r /srv/chroot --initdb

therwise it's just:
rpm -r /srv/chroot --initdb

- install distro gpg key as default th config packages are signed and sign verify enabled in config:
rpm -r /srv/chroot --import /etc/pki/rpm-gpg/PLD-*.asc

- setup minimal /dev
install -d /srv/chroot/dev
cp -a /dev/{full,null,random,urandom,zero} /srv/chroot/dev

- install vserver-packages, but as it is usually hidden, so you must unhide it
  with --noignore:
poldek -r /srv/chroot -u vserver-packages -Q --noignore

- install pld-builder-chroot from th repos
poldek -r /srv/chroot -u pld-builder-chroot -Q --sn th --sn th-ready

- make rpmdb readable for builder user
chmod -R a+rX /srv/chroot/var/lib/rpm

- setup /srv/chroot/etc/resolv.conf so if you enter manually you can work with poldek
cat /etc/resolv.conf > /srv/chroot/etc/resolv.conf

- restore rpmdb hack
rm -f /var/lib/rpm
mv /var/lib/rpm{-host,}

gpg keys
~~~~~~~~
1. import src builder key to bin builder so it can download queue.gz

src-builder$ gpg --export builder-th-src@pld-linux.org --armor > th-src.asc
bin-builder$ gpg --import < th-src.asc

2. generate new key for bin builder and import it to src builder so it can
   accept spool/notify messages

3. import that public key to src builder keyring
bin-builder$ gpg --gen-key
bin-builder$ gpg --export KEYID --armor > th-i686.asc
src-builder$ gpg --import < th-i686.asc
 
ssh keys
~~~~~~~~

generate key on bin builder and add it to authorized_keys of ftp account

i.e account where you push your uploads:
[th-i686]
ftp_url = scp://fpldth@ep09.pld-linux.org:ftp/.tree/.incoming/i686/

bin-builder$ ssh-keygen
bin-builder$ ssh-copy-id -i .ssh/id_rsa.pub fpldth@ep09.pld-linux.org

buildlogs
~~~~~~~~~
buildlogs are copied with rsync. ask buildlogs.pld-linux.org admin to allow your ip
also you need to setup password that is used to authenticate in rsync-passwords

sudo access
~~~~~~~~~~~
make sure builder user (who runs crons) can sudo chroot to the chroots:
builder ALL=(ALL) NOPASSWD: /usr/sbin/chroot /home/users/builder/chroot-th *

testing
~~~~~~~

keep /var/lib/pld-builder/spool/log running with tail -f
run the cronjobs under builder account.
Commit	Line	Data
3ef2319d ER	1	new bin builder setup
	2
	3	packages and chroot
	4	~~~~~~~~~~~~~~~~~~~
a60b3c2f	5	1. install pld-builder from th repoistory on target host
3ef2319d	6
0811c9fe ER	7	2. create chroot /srv/chroot
	8	(you can symlink to real dest for the sake of copy-paste from here)
	9	mkdir -p /srv/chroot
3ef2319d	10
0811c9fe ER	11	- if you're using rpm < 4.5-29, make system rpmdb linked to target rpmdb, as
	12	rpm gets it all very messy. see LP#395177.
	13	mv /var/lib/rpm{,-host}
	14	ln -s /srv/chroot/var/lib/rpm /var/lib/rpm
7f1451d2 ER	15	install -d /srv/chroot/var/lib/rpm
	16	rpm -r /srv/chroot --initdb
	17
	18	therwise it's just:
	19	rpm -r /srv/chroot --initdb
3ef2319d	20
c4bb8d09	21	- install distro gpg key as default th config packages are signed and sign verify enabled in config:
0811c9fe	22	rpm -r /srv/chroot --import /etc/pki/rpm-gpg/PLD-*.asc
823ab54a ER	23
823ab54a ER	24	- setup minimal /dev
0811c9fe ER	25	install -d /srv/chroot/dev
	26	cp -a /dev/{full,null,random,urandom,zero} /srv/chroot/dev
	27
	28	- install vserver-packages, but as it is usually hidden, so you must unhide it
	29	with --noignore:
	30	poldek -r /srv/chroot -u vserver-packages -Q --noignore
823ab54a	31
c4bb8d09 AM	32	- install pld-builder-chroot from th repos
c4bb8d09 AM	33	poldek -r /srv/chroot -u pld-builder-chroot -Q --sn th --sn th-ready
823ab54a	34
0811c9fe ER	35	- make rpmdb readable for builder user
0811c9fe ER	36	chmod -R a+rX /srv/chroot/var/lib/rpm
3ef2319d ER	37
3ef2319d ER	38	- setup /srv/chroot/etc/resolv.conf so if you enter manually you can work with poldek
0811c9fe ER	39	cat /etc/resolv.conf > /srv/chroot/etc/resolv.conf
	40
	41	- restore rpmdb hack
7f1451d2	42	rm -f /var/lib/rpm
0811c9fe	43	mv /var/lib/rpm{-host,}
3ef2319d	44
3ef2319d ER	45	gpg keys
	46	~~~~~~~~
	47	1. import src builder key to bin builder so it can download queue.gz
	48
7f1451d2	49	src-builder$ gpg --export builder-th-src@pld-linux.org --armor > th-src.asc
c4bb8d09	50	bin-builder$ gpg --import < th-src.asc
3ef2319d ER	51
	52	2. generate new key for bin builder and import it to src builder so it can
	53	accept spool/notify messages
	54
3ef2319d	55	3. import that public key to src builder keyring
7f1451d2	56	bin-builder$ gpg --gen-key
c4bb8d09 AM	57	bin-builder$ gpg --export KEYID --armor > th-i686.asc
c4bb8d09 AM	58	src-builder$ gpg --import < th-i686.asc
3ef2319d ER	59
	60	ssh keys
	61	~~~~~~~~
	62
	63	generate key on bin builder and add it to authorized_keys of ftp account
	64
	65	i.e account where you push your uploads:
c4bb8d09 AM	66	[th-i686]
c4bb8d09 AM	67	ftp_url = scp://fpldth@ep09.pld-linux.org:ftp/.tree/.incoming/i686/
3ef2319d	68
7645851c ER	69	bin-builder$ ssh-keygen
	70	bin-builder$ ssh-copy-id -i .ssh/id_rsa.pub fpldth@ep09.pld-linux.org
	71
3ef2319d ER	72	buildlogs
3ef2319d ER	73	~~~~~~~~~
b5c75b4f	74	buildlogs are copied with rsync. ask buildlogs.pld-linux.org admin to allow your ip
924f79a3	75	also you need to setup password that is used to authenticate in rsync-passwords
3ef2319d ER	76
	77	sudo access
	78	~~~~~~~~~~~
	79	make sure builder user (who runs crons) can sudo chroot to the chroots:
c4bb8d09	80	builder ALL=(ALL) NOPASSWD: /usr/sbin/chroot /home/users/builder/chroot-th *
3ef2319d ER	81
	82	testing
	83	~~~~~~~
	84
924f79a3	85	keep /var/lib/pld-builder/spool/log running with tail -f
3ef2319d	86	run the cronjobs under builder account.